Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hyper-V ICS 1.0 (w/Synthethic Network Driver) for pfSense 2.1 & 2.1.1

    Scheduled Pinned Locked Moved Virtualization
    193 Posts 41 Posters 145.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      timotl
      last edited by

      Afraid I'm not much help there.
      The config I restored already had the snapshot server as an upgrade source.
      I just did the auto upgrade when it offered.

      1 Reply Last reply Reply Quote 0
      • Z Offline
        zootie
        last edited by

        mylle,

        First, Let's check some basics. Is it connecting to the Internet? Are you able to ping google.com from the pfSense VM console? Are you able to ping pfSense's LAN IP from other hosts on your LAN? Confirm if you are using the native NICs (hn0 and hn1) or Legacy NICs (de0 and de1).

        As timotl points out, his/her existing XML config has the snapshot server as an upgrade source, so the VM installation got upgraded to a 2.1.1 pre-release build. The basic VM I posted is 2.1 Release and it says it is on the latest version. Unless you need something specific to 2.1.1 (or just want to to test it), you don't need to update it.

        If you still want to use 2.1.1, you'd need to either setup your own VM using a 2.1.1 ISO and install the kernel modules manually (Option B), or on a 2.1 installation (like the basic VM in the 7z) you'd need to change the Updater Settings (under System/Firmware on the WebConfigurator) to use a custom URL "http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSense_RELENG_2_1/.updaters/" - Just have in mind that this is an automatic nightly build: you don't know how stable the prerelease version will be and you might be the only one using it until there is an actual 2.1.1 RC Pre-Release.

        1 Reply Last reply Reply Quote 0
        • M Offline
          mylle
          last edited by

          Hi Zootie,

          Thanks for your reply and you image. It works great :)

          I have connectivity and everything works. Im just he kinda guy that loves trying out the bleeding edge code all the time :)

          I already added the Snapshot rep and the newest snapshot downloads just fine but then:

          The image file is corrupt.
          Update cannot continue

          Thats where i get stuck now.

          Regards
          Mylle

          1 Reply Last reply Reply Quote 0
          • A Offline
            ArthurZz1
            last edited by

            Thank you so much for doing this !

            Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?

            1 Reply Last reply Reply Quote 0
            • M Offline
              Magsy
              last edited by

              I've been running 2.1 Beta1 with integration for a long time without issue, so I'm not a great test but so far this is looking stable.

              I'm using your pre-created VM, dual wan balanced on 2012 R2 with Windows LBFO teamed Intel Nics, 4 vNics to guest with tagging at the Hyper-V level.

              Thanks :D

              1 Reply Last reply Reply Quote 0
              • P Offline
                peterclark4
                last edited by

                Many thanks zootie!

                This seems to be the most stable Hyper-V image yet! Before this I was stuck on the 2.0.3 with Hyper-V kernel as it appeared to be the most stable for me.

                Hopefully we can have an official build with the Hyper-V kernel before 2.2 is released.

                Peter

                1 Reply Last reply Reply Quote 0
                • Z Offline
                  zootie
                  last edited by

                  @ArthurZz1:

                  Did anyone managed to make CARP work with this version (using Hyper-V 2012R2 as the host) ?

                  I tried 2.1 and latest 2.1.1 and CARP wouldn't work, stuck on INIT with "ifa_add_loopback_route: insertion failed" in the log.

                  I found a source patch for bridgestp/if/if_bridge that might solve one possible cause for this error. I'll have to make some time to try it.

                  update: bridgestp/if/if_bridge patch didn't seem to have an effect, so unless someone else has an idea, CARP remains non-operational.

                  1 Reply Last reply Reply Quote 0
                  • C Offline
                    CloudNut
                    last edited by

                    Hi

                    I am really sorry if this is hi-jacking the thread  :)

                    I have ran your pre-configured VM in windows 2012 R2 and it works brilliant and its very appreciated,

                    I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

                    Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition (please excuse my ignorance I new to freebsd )

                    Any guidance would be much appreciated as I need some space for log retention and squid cache,

                    I also want to run 2 - 4gb of ram would it be correct to say I would need at least the same in a swap partition

                    Or if one pre-configured VM could be made with a bigger disk , I will spot you a few beers I promise as it will get me out of a tight squeeze ;-)

                    1 Reply Last reply Reply Quote 0
                    • Z Offline
                      zootie
                      last edited by

                      @CloudNut:

                      I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

                      Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.

                      I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight. (I've been asked to remove it, so I can't post more versions)

                      Since you already have it, you can try and resize it yourself. I used a FreeBSD 10 VM (should work with FreeBSD 9.x too, unsure about 8.x or if using another copy of pfSense). I expanded the VHD and mounted it on this VM (on the secondary IDE controller), and used the instructions in 18.4. Resizing and Growing Disks and in Resize Your Existing FreeBSD Root Partition/Slice Safely Without Re-Installing

                      First I had to grow the slice (ada0s1) within the disk (ada0) and reboot before the space was visible within the slice. Then followed the instructions to delete the swap partition, expand root to the desired size, and then recreate the swap partition. Run gpart show ada0 and gpart show ada0s1 so you see the changes.

                      
                      #Resize ada0s1 slice to full size of ada0 disk
                      gpart resize -i 1 -a 4k ada0
                      
                      #After reboot (so free  space would be visible within slice)
                      #Delete swap (note it is using the slice)
                      gpart delete -i 2 ada0s1
                      #Expand root (adjust size, assuming it's a 32 GB disk, wanting to leave 4 GB for swap)
                      gpart resize -i 1 -a 4k -s 28G ada0s1
                      #Recreate swap
                      gpart add -t freebsd-swap -a 4k ada0s1
                      #Grow filesystem
                      growfs /dev/ada0s1a
                      
                      

                      Then back in the pfSense VM, I had to recreate the GEOM labels. Boot in single user mode, specify ufs:/dev/da0s1a as the root file system, and then recreate the labels using /sbin/glabel label rootfs /dev/da0s1a and /sbin/glabel label swap /dev/da0s1b. No need to change fstab again (since the labels have the same names).

                      1 Reply Last reply Reply Quote 0
                      • H Offline
                        hege
                        last edited by

                        @HC:

                        ..

                        hv_kvp_negotiate_version
                        Hyperv-utils1: detached
                        hyperv-utils1 on vmbus0
                        hyperv-utils1: Hyper-V service attching: Hyper-v sevice attaching; Hyper-v KVP Service
                        

                        I only get

                        hv_kvp_negotiate_version
                        ```every 12 hours - more or less, with the following Hyper-V Log message.
                        
                        

                        Hyper-V Data Exchange connected to virtual machine 'MachineName', but the version does not match the version expected by Hyper-V (Virtual machine ID Machine-ID). Framework version: Negotiated (3.0) - Expected (3.0); Message version: Negotiated (4.0) - Expected (5.0)....unsupported....

                        
                        Think we can ignore that?
                        
                        Update about my experience with the new driver:
                        
                        I'm testing the new iso now at four different locations in production systems. The only issue i could find is, that the performance (in my case the throughput) seems to be poorer on **realtek** nics.
                        
                        [1] Hyper-V 2012 R2 | AMD    | 1GiB Ram      | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on  | 20 Users
                        [2] Hyper-V 2012 R2 | Intel i7| 1GiB Ram      | 1x Intel NIC 1x Private NIC (Hyper-V) | 100Mbit Internet | Traffic shapping on  | 8 Users
                        [3] Hyper-V 2012 R2 | Intel i3| 512 MiB Ram | 1x Intel NIC 1x Realtek                      | 70Mbit Internet  | Traffic shapping off  | 2 Users
                        [4] Hyper-V 2012 R2 | Intel i5| 512 MiB Ram | 2x Intel NIC                                        | 4Mbit Internet    | Traffic shapping on  | 6 Users
                        
                        Great work!
                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          CloudNut
                          last edited by

                          @zootie:

                          @CloudNut:

                          I  cannot seem to be able to get Option B. Recompiled Kernel Modules working as I need a hard drive bigger than 1gb,

                          Is there any possible way to increase the VHD as I can not seem to find one and then expand the partition.

                          I'm creating versions of the preconfigured VM with a larger disk/swap. I'll try and post them tonight.

                          Zootie thanks so much your a legend especially to us Hyper-v admins that would love to use what I consider the best Software UTM out there ;-),

                          1 Reply Last reply Reply Quote 0
                          • ? This user is from outside of this forum
                            Guest
                            last edited by

                            @zootie:

                            If requested, I'll promptly remove the VHD (no need of lawyers, just an admin post here - hopefully this thread won't be removed). In the meantime, I believe I'm complying with the spirit of the post: It's an effort to contribute to the community. I'm providing the community a most useful feature specific to their HW platform (Hyper-V), I'm not modifying the pfSense trademark, I'm giving full attribution to the project, I'm providing all the information needed so the feature can be added to the project in the future, and I'm asking the community to test it and document their experiences on a public forum (so the project has all the information available).

                            I don't know if I'm an 'admin' or not.  (Turns out: I am.) If not, I can make myself one pretty quick.

                            I'll ask nicely that you take this down.  What follows are snippets from what the eventual communication about the issue will be, when we (finally, sorry) address the community about it.

                            The issue really is our trademark(s).  pfSense® and "pfSense Certified"® are registered trademarks of Electric Sheep Fencing, LLC.  The pfSense logo is a trademark of Electric Sheep Fencing, LLC.

                            The issue with you using “pfSense” it that it is possible to lose rights in a mark by licensing the mark to others without controlling the nature and quality of the goods or services the licensee offers under the mark.  This concept is often referred to as “naked licensing.”  This is the reason why we insist that only things we build be described as “pfSense”.

                            Another way in which rights may be lost is by misusing the mark – or by failing to police against the mark’s misuse by others – so that the mark ceases to indicate the source of goods or services and becomes a generic word (like escalator and cellophane, which originally were trademarks but came to be understood by the public as the generic names of the products for which they had been used as brands).

                            Now, that's not a complete treatise on the issues, it's just illustration of the problem.  Your intent, however noble, doesn't matter, because the issue is, if we allow it "enough", someone else, some third-party, can come along and demand that the mark be canceled.  (It happened to me, and not long ago.  http://www.plainsite.org/dockets/index.html?id=2283547)

                            El Reg posted a story a few days ago about Mozilla's lawyers arguing with Dell about Dell charging to install Firefox.
                            http://www.theregister.co.uk/2014/03/10/mozilla_investigates_fee_for_firefox_dell_claims/  This following: http://www.theregister.co.uk/2014/03/05/mozilla_probes_dell_over_firefox_installation_claims/

                            Which is really all about: http://www.mozilla.org/en-US/foundation/trademarks/faq/

                            The Mozilla “business model” is about getting Firefox (and friends) distributed far and wide.  Dell charging a fee for the distribution interrupts that model (fewer people take it), so Mozilla does not allow it.

                            The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic.  We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.

                            That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

                            Finally, I don't know who deleted that thread. I responded to the end of the thread asking the individual to take it down, but I didn't delete the thread.  Chris (cmb) tells me he didn't do it.  There are only a few others who could have.  To be perfectly frank, it was me who demanded that the -tools repo be taken down until we could find a solution.  I am trying for minimum impact on the community.

                            @zootie:

                            Option C might not be operational right now unless you have access to the pfsense-tools repository, or until it is brought back (with restrictions). I just wanted to write the instructions down so contributors can try and incorporate the modules into the build process in the future.

                            The -tools repo will return just as soon as I can satisfy all parties with a solution.

                            The reason it was withdrawn was because someone did the unthinkable:

                            • they built something called "pfSense 2.2", which was not pfSense, nevermind 2.2

                            • they released it, leaving all indicia intact

                            • they announced it on the forum

                            (EDIT: formatting, spelling and "I am.")

                            1 Reply Last reply Reply Quote 0
                            • P Offline
                              peterclark4
                              last edited by

                              So what needs to happen for us to have an official pfSense build with Hyper-V support?

                              The latest image that Zootie has provided has a greater stability than the official build under Hyper-V!

                              I use it in a Hyper-V environment extensively. At first I had to use the "Legacy Network cards" and then install ShellCmd to bring each of the interfaces down and up again to work. This kind of worked but we have reduced throughput due to the "Legacy Network cards".

                              Since these unofficial builds have been available the pfSense installs have been a lot more stable and have much better throughput.

                              I understand that you are protecting your trademark and I think that pfSense is worth protecting.

                              If you need to test an official pfSense build with Hyper-V support I'll be more than happy to test so that this can be released.

                              Peter

                              1 Reply Last reply Reply Quote 0
                              • H Offline
                                hmh
                                last edited by

                                @gonzopancho:

                                ….
                                The business of pfSense (the products and projects) is very much dependent on exactly the same distribution dynamic.  We want pfSense distributed far and wide, but in an unmodified form from what we build, and without charge.

                                That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

                                ….

                                (EDIT: formatting, spelling and "I am.")

                                Hi gonzopancho!

                                Community need Hyper-V support!
                                If pfSense team currently don't have time/resources to produce stable Hyper-V image, please!!!, build a testing image with zooties patches
                                It's working except CARP!

                                Many people want to use pfSense on Hyper-V, and use it today…
                                Create offical thread pfSense on Hyper-V and you will get feedback from community
                                Community will hunt down bugs in the pfSense software :)

                                Thank you!

                                P.S.
                                Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!

                                1 Reply Last reply Reply Quote 0
                                • H Offline
                                  hege
                                  last edited by

                                  @hmh:

                                  P.S.
                                  Community, if you want to use pfSense on Hyper-V, please post your thoughts about it!

                                  That's the beginning of the end of the pfSense community.

                                  @gonzopancho:

                                  That all said, if you are willing to work with us, we are willing to engage on getting an official pfSense for Hyper-V build done, and distributed.  If you're interested, we're interested.

                                  More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

                                  1 Reply Last reply Reply Quote 0
                                  • Z Offline
                                    zootie
                                    last edited by

                                    As requested, I've removed the VM from the links, I just left a readme with a link to this thread.

                                    I can't remove the kernel modules zip from the first post (since I can't edit it anymore due to forum restrictions). However, I'd ask admins to please leave it in place so adventurous users can try and get Option B working for their environment. It only has the kernel compiled modules and the source patch file. While they were compiled using pfSense tools, the zip itself doesn't contain pfSense itself, and the process to get them to work implies that users doing it understand that they are modifying pfSense outside of its original distribution (and have no support or certification expectations by doing so).

                                    I think most of us understand ESF's need to control the distribution and quality of pfSense, we're just frustrated because this is critical for our needs (both for network and disk throughput and to be able to shutdown the VM in a way compatible with Hyper-V and Windows Clustering) and we feel somewhat neglected after years of asking for help. The current measures seem to be a overreaction to the acts of others and in preparation of 2.2, but I think most can see the slippery slope. We are grateful to the project and want to help. I hope we can find a middle ground: a way to contribute to the community w/o grinding grassroots efforts to a halt.

                                    The pfSense-Hyper-V sub-community has waited a long time to have better Hyper-V support and there is considerable interest (as the number of views of the old thread show), and we have tried to get attention to these efforts so they become part of the official distribution (partly why I've gone to great pains to try and document everything I've done, so it can be formalized and included in the official distribution). From a couple of old posts, it seemed that part of the problem was that the development team didn't have any servers with Hyper-V to test, so when the original driver source was released and we figured out a way to get them working with pfSense, it made sense to try and get the community involved in testing in a variety of environments.

                                    Please let us know how we can help.

                                    1 Reply Last reply Reply Quote 0
                                    • P Offline
                                      peterclark4
                                      last edited by

                                      @hege:

                                      More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

                                      Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum!

                                      Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2???

                                      Peter

                                      1 Reply Last reply Reply Quote 0
                                      • Z Offline
                                        zootie
                                        last edited by

                                        @peterclark4:

                                        @hege:

                                        More than 50k views on the old hyper-v integration thread. Only one post from an admin there. We're interested, we have to, because the pfSense team seems to have other interests.

                                        Good point! It is the most viewed thread in the "Virtualization installations and techniques" forum!

                                        Surely we must have enough people interested in the community to have a build that supports Hyper-V without having to wait for pfSense 2.2???

                                        Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older).

                                        So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process?

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          dineshsharma
                                          last edited by

                                          When it comes to non-profits, Microsoft is very generous. And using something so wonderful like pfSense and using advanced hypervisor features like VM Replication, live export of running VM etc makes the life a lot easy. If I had budget to buy VMWare licenses then we could have also bought a commercial firewall like Sonicwall/Cyberoam etc.

                                          If the idea is to reach far and wide, then Hyper-V is not something that should be ignored.

                                          1 Reply Last reply Reply Quote 0
                                          • P Offline
                                            peterclark4
                                            last edited by

                                            @zootie:

                                            Indeed, it is the most read by far, nearly 4x views than the most viewed sticky thread (I don't know why it never got made into a sticky, maybe because it was too confusing - partly why I started this one, so it could be made into a sticky). Looking on other forums, there is only a handful of threads that have more views (many of them older).

                                            So far, the kernel modules seem to work fine with 2.1.1. Unless there are big source changes coming in 2.1.1, it should be possible to include Hyper-V support in the build process for 2.1.1 (so we can begin testing with snapshopts). How can we help to get this in the official development, build, and distribution process?

                                            Is it possible for the pfSense team (or should I say ESF?) to implement this into 2.1.1???

                                            Even if it means that we have to enable it in the Advanced settings or modify some System Tunables or something.

                                            Peter

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.